All currently available versions of MRI Ruby either are vulnerable to
attacks, fail with segmentation faults, or change the API in ways that
make it impossible to run critical Ruby libraries such as Rails 2.0 and
RSpec.
There are currently two unofficial patches submitted by ruby-talk
members that seem to fix these problems:
* http://www.ruby-forum.com/topic/157034#693292
* http://www.ruby-forum.com/topic/157034#693303
One is a backport of fixes to 1.8.6p111 by Stanislav Sedov and Hongli
Lai. The other is a fix to 1.8.6p230 by Smartleaf which reverts a recent
patch that's causing segmentation faults.
I've personally confirmed that both of these work as well as the stock
1.8.6p111 in running the Rails 2.0, RSpec 1.1.4, and RubySpec test
suites. However, I do not understand the C patches well enough to be
able to help with them myself.
Please review these patches and join in the discussion at ruby-talk or
the online thread at http://www.ruby-forum.com/topic/157034
Thank you!
-igal